Ironclad Defense Against Hacking... Mandatory IoT Security Certification 추진

[Asia Economy Reporter Lim Hye-seon] The government is pushing for mandatory information security certification for devices connected to information and communication networks (IoT security certification) and strengthening incentives for certified products. This reflects the reality that while the use of smart home and Internet of Things (IoT) devices is becoming widespread, the security level remains vulnerable.

On the 27th, the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) launched a project titled “Establishing Policies to Activate IoT Security Certification,” which will run until December. The purpose is to reform the IoT security certification system. The main contents include supporting mandatory policies such as establishing selection criteria for essential IoT security-certified products and supporting incentive policies such as expanding market channels for products that have obtained IoT security certification. The government plans to establish protective measures by dividing the scope of IoT devices into eight sectors: home appliances, transportation, finance, smart cities, healthcare, manufacturing and production, housing, and telecommunications.

First, the mandatory targets will be reviewed by categorizing all IoT devices, some limited IoT devices, and devices introduced by service providers above a certain scale. Then, through legal amendments, products and standards subject to mandatory IoT security certification will be established. The appropriateness and effectiveness of regulations following the introduction of mandatory IoT security certification will also be examined.

Incentive policies for certified products will also be improved. Plans to strengthen incentives include economic, evaluative, administrative incentives, and beneficiary-centered benefits to provide institutional advantages for the IoT security certification system. Economic effects of obtaining IoT security certification and predictive analyses of economic effects upon introducing incentives will be derived, along with institutional improvement plans. Additionally, laws and administrative rules of related government ministries that need to reflect IoT security certification will be investigated.

The government is introducing security enhancement policies for IoT devices because damages related to IoT are increasing, but the related systems are not sufficiently established to ensure the safety and convenience of the public. In fact, in November last year, videos illegally filmed inside homes, presumed to be in South Korea, were leaked. Cameras on wall pads used for video calls between units in about 700 apartment complexes were hacked, exposing the most sensitive personal information?private lives?in a blatant manner.

According to KISA, the number of reported IoT-related security vulnerabilities reached 1,751 over the past five years. The number of AI speaker subscribers has exceeded 17 million, accounting for 31% of South Korea’s resident population and 68.8% of households (23.38 million households). However, since the introduction of the ‘IoT Security Certification’ by KISA in December 2017 to promote security internalization, not a single company has obtained the certification. Meanwhile, security vulnerabilities in AI speakers surged from 8 in 2018 to 42 in 2020.

To prevent security incidents and ensure stable network operation, strengthened home network regulations will also be implemented. Previously, the Ministry of Science and ICT and others announced security regulations mandating the separation of communication networks between households in the “Intelligent Home Network Equipment Installation and Technical Standards.” In newly built apartments, the network between the complex server and each household’s home gateway must be physically separated to prevent data exposure and theft, or logically separated using virtual private networks, virtual local area networks, encryption technologies, or other software methods. The government also urges safe software development in the home network device manufacturing sector and conducts response activities such as checking for known security vulnerabilities.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.